General
-
Target
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d
-
Size
184KB
-
Sample
220604-re4s5aefcn
-
MD5
86904bef92845b067a76d08ade4cc08b
-
SHA1
33ce7286d3a5f2cea3c5197e63fcbbc6effa026a
-
SHA256
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d
-
SHA512
7db74feff0246d8d5564cccbd23dcc555147881c7733f79c6013f9dcfae4f5f8d2fdde28722794665c73fdf85dd5f5d0a895fb9372dcc6fe0170b51cf1b293e2
Static task
static1
Behavioral task
behavioral1
Sample
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
-
-
Target
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d
-
Size
184KB
-
MD5
86904bef92845b067a76d08ade4cc08b
-
SHA1
33ce7286d3a5f2cea3c5197e63fcbbc6effa026a
-
SHA256
0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d
-
SHA512
7db74feff0246d8d5564cccbd23dcc555147881c7733f79c6013f9dcfae4f5f8d2fdde28722794665c73fdf85dd5f5d0a895fb9372dcc6fe0170b51cf1b293e2
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-